‘Ship-to-Ship’ Trade and Other Secrets of North Korea’s Illicit $1.5B Crypto Stash

Experts looking at how North Korea continues to import and export goods despite numerous sanctions agree the country’s $1.5 billion cryptocurrency war chest is used to fund an illicit web of trade networks and supply chains.

Blockchain analytics company Chainalysis said it is “comfortable” with the $1.5 billion figure stated in a recent webinar (a significant increase on various estimates made last year, ranging from about $200 million to $500 million for the amount of crypto amassed by the Hermit Kingdom).

Jesse Spiro, global head of policy and regulatory affairs for Chainalysis, told CoinDesk it’s logical to assume North Korea’s ill-gotten crypto is being moved in trade-based money-laundering networks.

“When it comes to trade-based money laundering, the issue, especially for sanctioned actors, is cross-border money movements,” said Spiro. “When you talk about how North Korea could actually execute this in relation to finances, I believe crypto is used to facilitate it.”

Priscilla Moriuchi, head of nation-state research at Recorded Future and a non-resident fellow at Harvard’s Kennedy School of Government, pointed to recent examples of the Democratic People’s Republic of Korea (DPRK) moving crypto across borders in the latest U.S. Department of Justice indictment of two Chinese nationals involved in laundering over $100 million of crypto.

The “logical conclusion” is North Korean is using cryptocurrencies to fund trade networks, said Moriuchi. Evidence documenting this cross-border movement is still in the early stages of being published, she said.

“I believe it is happening but that we have not been able to document the end-to-end lifecycle yet. We have many pieces of the puzzle we just do not have the complete picture,” Moriuchi said.

Sleuthing by Chainalysis has mapped flows of crypto stolen by North Korean hackers moving to exchanges. As with Moriuchi, the analytics firm has yet to detect concrete links to global trade networks.

“There may be active law enforcement or government investigations into this,” said Spiro. “But even if we were privy to anything like that, it’s not something we would be able to discuss.”

Neither the U.S. Treasury Department nor the Justice Department replied to requests for comment by press time.

Two if by sea

A reliable way for DPRK to circumvent sanctions involves ship-to-ship transfers, the process of moving cargo from one ship to another in the open sea rather than at a port. This can sometimes involve switching off a vessel’s automatic identification system (AIS) or using flags of convenience, where a ship is registered in a country other than that of its owners.

Another key area is cyber activity, including a firm focus on cryptocurrency. The U.N. report points to at least five successful hacks of crypto exchanges in 2017-18. In addition to targeting exchanges, North Korean hacking groups collect cryptocurrency from ransomware attacks and some mining of coins also takes place.

“Given the increased anonymity of cryptocurrencies, newly mined cryptocurrency can be used to facilitate sanctions-evasion activity,” the report from the U.N. panel of experts states.

According to the Royal United Services Institute (RUSI), a U.K.-based security think tank, North Korea uses crypto to pay directly for goods and resources that are explicitly prohibited by international sanctions. Other crypto uses include fundraising with the aim of converting to fiat, or simply stockpiling coins in the hope that prices increase.

As well as directly purchasing sanctioned luxury goods, North Korean actors could use cryptocurrencies to pay for trading services, the RUSI report continues, such as making payments to shipping companies, brokers or other intermediaries who might be willing to accept payment in crypto coins.

“There are all these middlemen that North Korea absolutely needs in order to be able to export goods like seafood or to be able to place workers overseas,” said Kayla Izenman, research analyst at RUSI. “You have to pay these people somehow and a logical way would be to use crypto.”

It also reduces the need to carry undeclared bulk cash, which on occasion gets detected. In October of 2018, for example, the captain of a DPRK vessel was detained at customs in Vladivostok, Russia, carrying $180,000 in black plastic bags.

‘Well-run apparatus’

Since 2016 there has been an attempt to clamp down on North Korea’s coal exports, which used to earn the regime about $1 billion a year. But less attention has been paid to other sanctioned sectors including exports of textiles (earning $760 million per year), seafood ($300 million), iron and lead ore ($360 million), according to RUSI.

This network of supply chains can be combined with North Korea’s technical advancements in areas like crypto, which far outweighs attempts made by other sanctioned countries like Iran or Venezuela, said RUSI’s Izenman.

“North Korea has been doing this for so long and has such a well-run apparatus both within hacking and sanctions evasion, it makes sense they would link those up,” she said.

This “well-run apparatus” comprises technical universities that essentially teach people how to become hackers for the North Korean government.

“That’s all they do, and there are hundreds of them,” said Izenman. “All these subgroups and different bureaus and they all do slightly different things. It’s very clear how much better they are at this than any other nation-state.”

DPRK even organized the Pyongyang Blockchain and Cryptocurrency Conference, an event which led last year to the controversial arrest and indictment of Ethereum developer Virgil Griffith for sanctions violations. The event was scheduled to take place again in late February but may have been postponed because of the coronavirus outbreak.

Curious case

Further insight as to how North Korea is thinking about combining blockchain with illicit trade can be found in the curious case of an Ethereum-based blockchain project called Marine Chain, which also gets a mention in last year’s U.N. Security Council report.

Back in October 2018, the U.N. panel was informed that Hong Kong-registered Marine Chain, which would tokenize ownership of vessels, was backed by at least one DPRK individual.

It’s unclear whether Marine Chain was expected to go into production, or if it was simply a means to raise funds via an initial coin offering (ICO). In any case, the project’s shady owners vanished soon after being contacted by security officials.

“The platform could be used to generate money for the regime and as a potential means of evading sanctions on shipping by creating a new method of obscuring the ownership of a vessel,” the U.N. report stated.